Processes

Path | Cmdline | Malicious | |
---|---|---|---|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | | |
/Users/bernard/Desktop/Constate | /Users/bernard/Desktop/Constate | | |
/usr/libexec/xpcproxy | - | | |
/usr/libexec/nsurlstoraged | /usr/libexec/nsurlstoraged --privileged | | |
/usr/libexec/xpcproxy | - | | |
/usr/libexec/firmwarecheckers/eficheck/eficheck | /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon | | |

URLs

Name | IP | Malicious | |
---|---|---|---|
https://www.emidzazi.site/se/cu | 54.70.175.13 | | |

Domains

Name | IP | Malicious | |
---|---|---|---|
searchlb-3b453017ec33bbb9.elb.us-west-2.amazonaws.com | 54.70.175.13 | | |
h3.apis.apple.map.fastly.net | 151.101.67.6 | | |
www.emidzazi.site | unknown | | |

IPs

IP | Domain | Country | Malicious | |
---|---|---|---|---|
54.70.175.13 | searchlb-3b453017ec33bbb9.elb.us-west-2.amazonaws.com | United States | | |
151.101.3.6 | unknown | United States | | |
96.17.64.247 | unknown | United States | | |
151.101.131.6 | unknown | United States | | |
151.101.195.6 | unknown | United States | | |
151.101.67.6 | h3.apis.apple.map.fastly.net | United States | | |

Memdumps

Base Address | Regiontype | Protect | Malicious | |
---|---|---|---|---|
1197a9000 | page execute read | | | |
11982d000 | page read and write | | | |
119861000 | page readonly | | | |
119828000 | page read and write | | | |
10bdc4000 | page readonly | | | |
10bdb3000 | page read and write | | | |
10bda0000 | page read and write | | | |
10bdaf000 | page readonly | | | |
10bd75000 | page execute read | | | |